Why IT pros fear employee error, not hackers, will cause the most breaches

Why IT pros fear employee error, not hackers, will cause the most breaches

IT pros are more concerned with user error and malicious insiders than compromised accounts, according to a Gurucul report.

More about cybersecurity

The vast majority of IT and security pros fear insider threats. And these concerns are warranted, as nearly 75% of IT professionals say they are vulnerable to insider threats, according to a Thursday report from security and fraud analytics company Gurucul.

The report surveyed more than 650 international IT professionals to determine the prevalence of insider threats in companies. Insider threats are very much alive, with respondents ranking user error (39%) and malicious insiders (35%) over account compromise (26%) as their top concern.

Insider threats have the potential to impact all industries, but the manufacturing sector proved to be the most at risk, with 16% of IT professionals reporting they were “exceedingly vulnerable.” The healthcare sector followed at 10%, the report found.

Respondents from the tech sector reported malicious insiders as their main concern, with the retail industry citing user error, and financial services and healthcare pointing to account compromise. Insider threats have grown in recent years due to the amount of corporate data now moving to devices and cloud applications, resulting in the need for strong security measures to protect that moving data, according to a Bitglass survey.

Only 34% of respondents said they were able to detect threats in real time, the report found. However, the majority of companies (61%) are prioritizing detection and prevention of insider threats, and 39% said they are focusing on prediction and response.

“Insider threats have emerged the leading concern for companies of all sizes because they are so difficult to detect and have the potential to inflict the greatest damage to an organization,” Saryu Nayyar, CEO of Gurucul, said in a press release. “This explains why more than 60% of the companies surveyed are focused on detection and prevention.”

To stay protected, most organizations (61%) said they are monitoring users and devices to detect insider threats. Only 39% of respondents said they are monitoring privileged and service accounts, the report noted.